ICANN ICANN Email List Archives

[gnso-ff-pdp-may08]


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [gnso-ff-pdp-may08] Rasmussen/Piscitello action 4.b 4.c and 4.e

  • To: "'Dave Piscitello'" <dave.piscitello@xxxxxxxxx>, "'Fast Flux Workgroup'" <gnso-ff-pdp-May08@xxxxxxxxx>
  • Subject: RE: [gnso-ff-pdp-may08] Rasmussen/Piscitello action 4.b 4.c and 4.e
  • From: "Greg Aaron" <gaaron@xxxxxxxxxxxx>
  • Date: Wed, 6 May 2009 09:38:08 -0400

Is the first paragraph recommending a contractual requirement upon
registrars and registries?  


-----Original Message-----
From: Dave Piscitello [mailto:dave.piscitello@xxxxxxxxx] 
Sent: Wednesday, May 06, 2009 8:38 AM
To: Fast Flux Workgroup
Subject: [gnso-ff-pdp-may08] Rasmussen/Piscitello action 4.b 4.c and 4.e


Again, on behalf of Rod and myself. We believe that the proposed answer
addresses three comments.

(4.b) Monitoring DNS activity and reporting suspicious behavior to
law enforcement or other appropriate reporting mechanism
(4.c) Adopting measures that make fast flux either harder to
perform or unattractive
(4.e) Adopting accelerated domain suspension processing in
collaboration with certified investigators / responders

 
Proposed answer: ICANN has contractual relationships with registrars and
gTLD registries. While monitoring and reporting DNS activities through these
parties might provide some detection and deterrent to fast flux hosting,
other parties outside ICANN's policy and contractual reach - subdomain
registries, hosting providers, ISPs public DNS operators - would not be
obliged to monitor and report suspicious activities. There may be value in
recommending that registrars monitor certain DNS configuration behavior for
domains they sponsor. This could be part of an overall set of protective
measures registrars offer to registrants to reduce the risk of hijacking and
DNS abuse.

The WG observes that reporting "suspicious activity" to law enforcement can
be problematic in several respects. In certain jurisdictions, for example,
Law Enforcement cannot accept certain information without the consent of the
victim. Volume is also a problem, as law enforcement case loads are, on
average, extremely high. Adding to this load without a clear definition of
what constitutes "suspicious activity" and without a clear definition of the
information that can be practically used by LEAs could prove more burdensome
than useful.








<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy